Senior Technology Risk Manager

SENIOR TECHNOLOGY RISK MANAGER – CYBER SECURITY CONTROL DIVISION Salary: Competitive and based on experienceLocation: Hong Kong You will be entrusted with significant responsibility for safeguarding the organisation’s digital assets. Your day‑to‑day activities will involve close collaboration with various departments to develop forward‑thinking policies that address current and future risks, lead rigorous assessments across diverse technology environments—from on‑premises infrastructure to cloud platforms—and play a central role in orchestrating incident response operations. Responsibilities Formulate, review, and manage comprehensive cyber security policies, standards, and procedures to ensure organisational compliance with internal and external requirements. Assisting in planning technology‑related risk management strategies by developing processes and work plans that address evolving cyber threats. Participate actively in the design, development, and implementation phases of key cyber security projects to enhance overall protection measures. Plan and conduct thorough cyber security assessments and IT risk evaluations covering IT general controls, information asset management, access controls, cloud/server/endpoint/network/middleware security reviews. Support the execution of security initiatives to maintain compliance with corporate information security policies as well as local and international compliance standards. Organise and conduct penetration tests, red/blue/purple teaming exercises, vulnerability assessments, and validation controls for both local and overseas entities to identify potential risks. Provide operational support for cyber security incident response activities by collaborating closely with local and regional Security Operations Centre (SOC) teams to improve daily monitoring, analysis, investigation, and response protocols. Coordinate cross‑country cyber incident response drills to ensure preparedness for large‑scale or complex incidents affecting multiple jurisdictions. Serve as a subject‑matter expert by supporting business units and cross‑functional teams in identifying cybersecurity risks, discussing control gaps, and proposing effective remediation strategies. Research the latest developments in cyber threats and threat intelligence to keep the organisation informed about new risks while evaluating innovative solutions. Take ownership of cyber security policy formulation and risk management strategies, ensuring alignment with global best practices and regulatory requirements. Engage in high‑impact projects including penetration testing, vulnerability assessments, incident response operations, and regional cyber security exercises that span across Asia Pacific and Mainland China. Qualifications A degree in Computer Science, Information Systems or a related discipline. At least two years’ experience in IT security, technology risk management, compliance or IT audit functions gained within sizable financial institutions. Possession of at least one recognised professional qualification under HKMA enhanced competency framework such as CISA, CISSP or CISM. Additional industry‑recognised certifications such as OSCP/OSCE/OSWE/OSEE/GXPN/GPEN/GCPN/GCIH/GSOC/GCFA/OSDA/CCIE/CCNP are highly desirable. Familiarity with regulatory frameworks including HKMA TM‑E‑1/TM‑C‑1/TM‑G‑1/C‑RAF/PCI‑DSS/ISO 27001/PDPO/NIST/MITRE ATT&CK/OWASP. Hands‑on experience with technologies such as Firewall, IDS/IPS/WAF/DNS Security/Email Security/SIEM/SOAR/DLP/UEBA/BAS/XDR/Deception/Generative AI/Machine Learning/Application of AI/ML/LLM/MCP/RAG libraries in Python. Proven track record coordinating cross‑country cyber incident response drills highlighting ability to manage complex scenarios involving multiple stakeholders. Experience managing SOC operations including offensive security/container security/CSPM/threat hunting/OSINT/dark web monitoring/malware analysis/secops/digital forensics/attack surface management/cloud/on‑premises anti‑DDoS solution/threat modelling/supply chain cybersecurity/vulnerability management. Willingness to travel occasionally across Asia Pacific region (including Shenzhen and Shanghai) for regional assessments or training exercises. Excellent command of written and spoken English is required; proficiency in Mandarin is considered an advantage. Benefits This institution stands out due to its unwavering commitment to technological advancement paired with a deep‑rooted culture of collaboration. Employees benefit from extensive training opportunities designed to foster both personal growth and professional development. The organisation’s inclusive approach ensures that every team member’s voice is heard—encouraging open dialogue around new ideas while supporting flexible working arrangements when possible. With access to state‑of‑the‑art tools and resources—including advanced AI‑powered solutions—you’ll have everything needed to stay ahead of industry trends. Next Steps If you are ready to take on this rewarding challenge where your expertise can make a real difference in protecting critical assets on a global scale, we encourage you to apply now Apply today by clicking on the link provided – seize this opportunity to advance your career within one of Hong Kong’s most respected financial institutions. About the job Contract Type: Permanent Workplace Type: On‑site Experience Level: Senior Management Location: Central and Western District, Hong Kong Job Reference: ZEX3L5‑3517AEC7 Date posted: 21 October 2025 Consultant: Krishi Shah #J-18808-Ljbffr